• CthuluVoIP@lemmy.world
    link
    fedilink
    English
    arrow-up
    61
    arrow-down
    5
    ·
    11 months ago

    This article is basically summed up: “VPNs don’t completely eliminate your digital footprint, so don’t use them unless you need to accomplish these specific things.”

    It seems pretty disingenuous to discourage people from taking steps to protect their privacy in this way. It may not be sponsored, but it’s still bullshit.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      11 months ago

      There’s a whole segment of humanity who refuse to do anything. Perfect is the enemy of good in their mind. Better to do nothing than not be perfect.

      You don’t need curtains… most people are polite enough not to watch you, and peeping toms are already illegal. Besides a peeping tom could break into your house at any time, so curtains are pointless.

    • tacosanonymous@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      They are the specific thing that I do while using the internet too.

      But you’re right that any use of the internet could use any increase towards privacy.

    • corbin@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      26
      ·
      11 months ago

      VPNs don’t really protect your privacy though, except in cases where you’ve already eliminated other means of tracking (e.g. fresh incognito browser tab + VPN). Every website and service I use still has a record of my activity if I’m logged in, advertiser networks have other means of tracking you, etc.

      The issue is buying a VPN and thinking that’s the end of it.

      • xenspidey@lemmy.zip
        link
        fedilink
        English
        arrow-up
        33
        arrow-down
        1
        ·
        11 months ago

        It protects your ip address, and your ISP from knowing what you’re doing. It also protects you on public wifi from nefarious actors. VPN’s aren’t meant to protect you from Google advertising while checking your Gmail account…

        • corbin@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          14
          ·
          11 months ago

          Are there attack vectors through public Wi-Fi in recent history? Now that most sites and services are HTTPS there’s nothing they can do except do network-level blocks.

          • grabyourmotherskeys@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            4
            ·
            edit-2
            11 months ago

            Unless they intercept the handshake as a proxy and have access to everything after that. The average Starbucks employee is not doing this.

            An Israeli spy tracking down an arms dealer might figure out how to do this at a hotel the target was using, but the arms dealer would know that.

            Edit: I think some vps would notice this happening, fwiw.

            • hedgehog@ttrpg.network
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              Unless they intercept the handshake as a proxy and have access to everything after that.

              You’re thinking of a MitM proxy, and generally speaking what you described is not a risk when using public wifi.

              There are two ways you can set up a MitM proxy:

              1. Forward all traffic back to the user unencrypted (over HTTP)
              2. Forward all traffic back to the user encrypted (with HTTPS)

              The first option will result in prominent warnings in all modern browsers. If the sites in question implemented HSTS and the user has visited them before, the browser will outright refuse to load them.

              The second option will result in even more prominent warnings that you have to go out of your way to bypass in all browsers. The only way it wouldn’t would be if one or more of the following is true:

              1. your computer has already been compromised and root certificates were installed, such that the proxy owner could use it to sign the certificates
              2. if a certificate authority was compromised, or
              3. if the site itself was compromised (e.g., if the attacker was able to acquire the SSL cert used for the site or the credentials necessary to generate a new, trusted one).
              • grabyourmotherskeys@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                Hence “won’t happen at Starbucks, might if Mossad is after you”. Thanks for adding the details. I feel like most people think vpns are magic but also radically overestimate their personal risk.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        They certainly increase your privacy.

        Nothing “protects”, that’s an absolute. Everything we do are steps toward increasing privacy.

  • originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    40
    arrow-down
    1
    ·
    11 months ago

    useless article. mentions dns: zero times.

    He is so focused on the client he loses track of why you’d not want your local isp to do anything more than route your vpnd packets.

  • lovesickoyster@lemmy.world
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    2
    ·
    edit-2
    11 months ago

    This article is such bullshit - every single paragraph is the same “vpn protects you against this but there’s this fringe case where it does not so you don’t need a vpn”. Corbin, you shit the bed on this one.

  • Garbanzo@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    11 months ago

    I most definitely do need a VPN. I’m completely over being subscribed to multiple streaming services and trying to remember/figure out which one has which shows. VPN service is cheaper and everything I want to watch ends up in one place. 🦜🏴‍☠️

    • narc0tic_bird@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      The article specifically states that using one for piracy is recommended. Hence the use of the word “probably” in the title.

  • rizoid@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    22
    ·
    11 months ago

    Protect your privacy and use a no log VPN. This article is just as much bs as he claims VPN marketing is.

  • The Barto@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    3
    ·
    11 months ago

    The ol “I had a quota to fill and I hate and/or don’t understand something people like” form of journalism again I see.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    11 months ago

    https://www.privacyguides.org/en/basics/vpn-overview/

    If you want to real, reasoned, nuanced discussion of the benefits and costs of using a VPN. I cannot recommend privacy guides highly enough

    Tldr: VPNs are great, at obscuring your local traffic from your ISP, but then the VPN can see your traffic. You have to think about the trade-offs in your scenario

  • LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Ironic:

    Most advertising networks, including Google Ads, primarily use cross-site cookies (eventually to be replaced by the Privacy Sandbox)

    Which includes the link to the same blog, where the guy gives you instructions to disable Privacy Sandbox.

    If you say VPNs can be subverted because other tracking identifiers can be used too, why providing instructions for disabling the other tracking identifiers, but encourage people to avoid disabling something as prevalent as an IP address?

  • BlackPit@feddit.ch
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    This article is disingenuous at best and either fueled by ignorance or malice. Another comment suggested it wasn’t officially sponsored, but it still could’ve been bought. Having said, I have to agree with some of the sentiment. I’ve seen advertising on public TV from the likes of NordVPN that is downright fraudulent. Their claims are deceptive and unfounded. Then there’s the recent acquisition of Express and PIA by an old school scammer/spammer. Additionally, many free VPNs are actually surveillance malware and SHOULD be avoided. Any encryption offered publicly by large corporate data-stealing privacy-abusing parasites should be avoided in any form.

    For anyone reading this that is hesitant to using VPN because of the article, be encouraged that VPNs are extremely effective at securing your data during transit. They are NOT an outright privacy tool, but can be used as part of your privacy plan. VPNs do NOT make you anonymous! A truthful VPN service provider will say this openly. Like IVPN (Bottom of front page) and Mullvad , both of which attempt to educate customers .

    If you’re someone who finds it hard to trust any company whatsoever, then you can host VPN yourself. Admittedly a learning curve to hurdle, but regardless of which method you choose, if your provider is genuine then I see it as a necessity in the effort to keep loved ones safer.

  • OfficerBribe@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    11 months ago

    Do not understand the downvotes and comments saying article is bullshit. Maybe it all depends on country / ISP, but I have never even thought I need VPN where I live. And since practically all sites indeed use HTTPS all they could get are IPs and possibly hostnames (I do not use ISP DNS).

    Only meaningful reason I can think of privacy wise are these scenarios:

    A)

    1. You have a static IP and it gets leaked with other info like your real name / personal mail address from site A
    2. Only your IP is leaked for site B
    3. By cross referencing site A and B info, you can determine identity for site B user

    B)

    1. You have a static IP and it gets leaked with other info like your real name / personal mail address from site A
    2. You visit site B and whoever has logs of that site could tie your actions to your identity by using leaks from site A breach